<?php require_once '../yubiphpbase/appinclude.php';
require_once '../yubiphpbase/yubi_lib.php';

if (($usrid = getUsrIdFromSession()) <= 0) {
	echo TIMEDOUT;
	exit;
}

$_SESSION['tab'] = 3;
$act = getHttpVal('act', '');
writeLog('# act = '.$act, true);
$email = getHttpVal('email', '');
	
if (strlen($act) > 0) { // Perform the specified action 
  $otp = strtolower(getHttpVal('otp', ''));
  $pin = getHttpVal('pin', '');
  $notes = getHttpVal('notes', '');

  if (strlen($otp) > 0) {
    $devId = substr($otp, 0, DEVICE_ID_LEN);
    $a = getKeyInfo($devId);
    if (!isset($a['keyid'])) {
  	  $_SESSION['alert'] = 'Yubikey '.$devId.' is not in the database.';
  	  header('Location: index.php');
  	  exit;
    }
    $keyid = $a['keyid'];
    $keyOwner = clientOfYubikey($a['keyid']);

	if ($keyOwner != $_SESSION['client']) {
		$_SESSION['alert'] = 'The Yubikey is owned by another client! ';//.$keyOwner.' '.$_SESSION['client'];
		header('Location: index.php');
		exit;
    } else {
  	  $_SESSION['alert'] = '';
    }
  } // OTP checking
  else {
  	$_SESSION['alert'] = 'Enter the OTP from the Yubikey!';
	header('Location: index.php');
	exit;
  }  
  
  if (strcmp($act,'add_client') == 0) { // Add a client and an admin for it
    delAdminByKeyId($keyid);
    $perm = getHttpVal('perm', 0);
	$apiKey = getHttpVal('api_key', '');
	
	// Add a new client

    if (($client=addClient($email.' '.$devId, $apiKey, $perm, $notes)) > 0) { 
      
      // Client added
      addHist($usrid, 'add client '.$client.' '.$email, 0, $_SESSION['client']);
      
      if (strlen($otp) > 0) { // OTP exits, add the adm yubikey
    	  
        if (addNewAdmKeyAndPin($keyid, $pin, $devId, $notes, $client)) {

          if ($client != $_SESSION['client']) {
      		if (updClientOfKey($keyid, $client)) {
      		  $_SESSION['alert'] .= 'Client-'.$client.
		  		' was added successfully! Notify the new client of its<p>API Key:'.
      			$apiKey.', YMS password: '.$pin;
			  if ($perm >= 1 && $perm <= 2) {
          		sendMail($email, 'Your Yubikey management account is activated',
					'Dear Yubikey client, you can now log in to '.$appurl.
					' by using your Yubikey with the device ID '.$devId.' and password: '.$pin.
					' to manage your Yubikey(s).', $admEmail);
			  } else {
			  	writeLog('# perm = '.$perm.' activation email unsent.');
			  }
      		} else {		
      			$_SESSION['alert'] .= 'Failed to update the owner of the Yubikey to the client! '.$contactAdm;
      			delClient($client);
      		}
          }  	        	
        } else {
          $_SESSION['alert'] .= 'Failed to add the admin key to the client! '.$contactAdm;
          delClient($client);
        }
      } else {
      	$_SESSION['alert'] .= 'Missing OTP';
      	delClient($client);
      }
    } else {
      $_SESSION['alert'] .= 'Failed to add a new client! '.$contactAdm;
    }
  } // End of add a new client + admin yubikey
  
  header('Location: index.php');
  exit;

} // End of action

?>

<h1>
Create a New Client with a New API Key and a New Password
</h1>

<form name=add_client id=add_client method=POST action=sub_client.php autocomplete=off>
<input type=hidden name=act value=add_client>

<table border=0 width=100%>
<tr><td align=left colspan=9>

 <table border=0> 
 <tr>
 <td valign=top nowrap align=left><h3>Add a new client & an<br>admin Yubikey for it:</h3></td>
 <td width=10></td>
 <td>
 A Client is an issuer that issues Yubikeys to her users and use this server for OTP validation
 and Yubikey management. It can log in to this console to manage its Yubikeys.
 It can also create other sub-clients.
 </td></tr>
 </table>

</td></tr>

<tr><td align=right><font size=2>
Client admin email:
</td>
<td align=left><font size=2>
<input name=email id=email size=40 maxlength=100 class=inputtxt 
 value=<?php echo $_SESSION['email'];?>>
</td></tr>

<tr><td align=right><font size=2>Permission:</td>
<td align=left>
<select name=perm class=inputtxt>
<option value="2">Verify OTP + Manage Yubikeys</option>
<option value="3">Verify OTP Only</option>
</select>
</td></tr>

<tr><td align=right><font size=2>
<a target=_new href=http://yubico.com/developers/api/>
<font color=#008800> API Key: <b>?</b></font></a>
</td>
<td align=left><font size=2>
<input name=api_key id=api_key size=40 maxlength=100 class=inputtxt 
 value="<?php echo genAPIKey();?>" readonly="readonly">
</td>
<td align=left>
<font size=1 color=#aaaaaa><< Auto-generated. It is used to verify OTP validation
requests & responses.</font>
</td></tr>

<tr><td align=right><font size=2>Note about this client:
<br><font size=1 color=#aaaaaa>
(Max is <?php echo MAX_NOTE;?> characters)
</td>
<td align=left>	
<textarea name=notes maxlength=<?php echo MAX_NOTE;?> rows=2 
cols=30 class=inputtxt onkeyup="return ismaxlength(this)"></textarea>
</td>
</tr>

<tr><td align=right nowrap><font size=2>
An OTP or device ID (modhex mode)<br>
from the Yubikey to be issued: 
</td>
<td align=left><font size=2>
<input name=otp id=otp size=40 maxlength=100 class=inputtxt value="">
</td>
<td align=left>
<font size=1 color=#aaaaaa>
</td>
</tr>

<tr><td align=right><font size=2>
Password: 
</td>
<td align=left><font size=2>
<input name=pin id=pin size=40 maxlength=100 class=inputtxt value="<?php echo genStrongPw();?>">
</td>
<td align=left>
<font size=1 color=#aaaaaa><< Auto-generated. The client admin use the password + Yubikey to log in to 
the management console.</font>
</td></tr>

<tr><td align=center colspan=2>
<input type=button class=buttonLinkO value="Add New Client" 
 onClick="submitAddClient()">
</td></tr></table></form>	

</td></tr></table>
</form>

</body>
</html>
